oidc-auth-client 0.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Callis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,240 @@
+# oidc-auth-client
+
+OpenID Connect (OIDC) and OAuth 2.0 client library for JavaScript/TypeScript browser applications.
+
+Handles authentication flows (redirect, popup, silent iframe), token lifecycle (storage, expiry, auto-renewal), session monitoring, and logout — against any standards-compliant OIDC provider (Keycloak, Auth0, Ory Hydra, Azure AD, etc.).
+
+## Installation
+
+```bash
+npm install oidc-auth-client
+```
+
+## Quick Start
+
+```typescript
+import { UserManager } from 'oidc-auth-client';
+
+const userManager = new UserManager({
+  authority: 'https://your-idp.com',
+  client_id: 'your-client-id',
+  redirect_uri: 'https://your-app.com/callback',
+  response_type: 'code',
+  scope: 'openid profile email',
+});
+
+// Initiate login
+await userManager.signinRedirect();
+
+// Handle the callback page
+const user = await userManager.signinRedirectCallback();
+console.log(user.profile.sub);
+
+// Get the current user
+const current = await userManager.getUser();
+
+// Sign out
+await userManager.signoutRedirect();
+```
+
+## TypeScript Usage
+
+Types are generated from source — no separate `@types` package needed.
+
+```typescript
+import {
+  UserManager,
+  UserManagerSettings,
+  User,
+  UserProfile,
+} from 'oidc-auth-client';
+
+const settings: UserManagerSettings = {
+  authority: 'https://your-idp.com',
+  client_id: 'your-client-id',
+  redirect_uri: 'https://your-app.com/callback',
+  response_type: 'code',
+  scope: 'openid profile email',
+  automaticSilentRenew: true,
+  silent_redirect_uri: 'https://your-app.com/silent-renew.html',
+};
+
+const userManager = new UserManager(settings);
+
+userManager.events.addUserLoaded((user: User) => {
+  console.log('User loaded:', user.profile.sub);
+});
+
+userManager.events.addAccessTokenExpired(() => {
+  console.log('Token expired');
+});
+```
+
+## Subpath Imports
+
+```typescript
+// Main entry — all public exports
+import { UserManager, OidcClient } from 'oidc-auth-client';
+
+// Auth only
+import { UserManager } from 'oidc-auth-client/auth';
+
+// Protocol utilities
+import { TokenRevocationClient } from 'oidc-auth-client/protocol';
+
+// Storage
+import { WebStorageStateStore, InMemoryWebStorage } from 'oidc-auth-client/storage';
+
+// Utilities
+import { Log } from 'oidc-auth-client/utils';
+```
+
+## Key Features
+
+- **Authorization Code + PKCE** — secure default; hybrid flow not supported
+- **Silent Renew** — automatic token refresh via hidden iframe
+- **Session Monitoring** — OP check_session iframe integration
+- **Popup & Redirect** — flexible authentication UX
+- **Cordova** — mobile WebView support
+- **Web Crypto API** — native browser crypto via [`jose`](https://github.com/panva/jose); no polyfills
+- **TypeScript** — source-level types; declarations auto-generated by `tsc`
+- **Tree-shakeable** — `sideEffects: false`
+
+## Public API
+
+```typescript
+// Auth
+export { OidcClient, UserManager }
+export type { CreateSigninRequestArgs, CreateSignoutRequestArgs, UserManagerSigninArgs }
+export { OidcClientSettings, UserManagerSettings }
+export type { OidcClientSettingsArgs, UserManagerSettingsArgs }
+export { AccessTokenEvents, UserManagerEvents }
+export { SessionMonitor, SilentRenewService, State, SigninState }
+export type { StateArgs, SigninStateArgs }
+
+// Models
+export { User }
+export type { UserData, UserProfile }
+
+// Storage
+export { WebStorageStateStore, InMemoryWebStorage }
+export type { StateStore }
+
+// Services
+export { MetadataService }
+export type { OidcMetadata }
+
+// Navigation
+export { CheckSessionIFrame, RedirectNavigator, PopupNavigator, IFrameNavigator }
+export { CordovaPopupNavigator, CordovaIFrameNavigator }
+export type { NavigateParams }
+
+// Protocol
+export { TokenRevocationClient }
+export type { TokenSettings }
+
+// Utils
+export { Log, Global }
+```
+
+## Project Structure
+
+```
+src/
+├── auth/           # Authentication core
+│   ├── Client.ts   # OidcClient + UserManager
+│   ├── Settings.ts # OidcClientSettings + UserManagerSettings
+│   ├── Events.ts   # AccessTokenEvents + UserManagerEvents
+│   └── Session.ts  # State, SigninState, SessionMonitor, SilentRenewService
+│
+├── protocol/       # OIDC protocol
+│   ├── Requests.ts          # SigninRequest + SignoutRequest
+│   ├── Responses.ts         # SigninResponse + SignoutResponse + ErrorResponse
+│   ├── ResponseValidator.ts # Token + claims validation
+│   └── TokenService.ts      # TokenClient + TokenRevocationClient + UserInfoService
+│
+├── navigation/     # Browser navigation strategies
+│   └── Navigator.ts # Redirect, Popup, IFrame, Cordova navigators
+│
+├── storage/        # Client-side persistence
+│   └── Storage.ts  # WebStorageStateStore + InMemoryWebStorage
+│
+├── crypto/         # Cryptographic operations
+│   └── Crypto.ts   # JoseUtil (jose-based) + generateRandom
+│
+├── services/       # Infrastructure
+│   ├── Http.ts     # UrlUtility + JsonService + MetadataService
+│   └── Timer.ts    # Timer + ClockService
+│
+├── models/         # Domain models
+│   └── User.ts     # User
+│
+├── types/          # Shared contracts
+│   ├── navigator.ts # NavigateParams, NavigatorResponse, INavigator
+│   ├── crypto.ts    # JwtHeader, JwkKey, JwtPayload, ParsedJwt
+│   ├── user.ts      # UserProfile
+│   └── storage.ts   # StateStore
+│
+└── utils/          # Utilities
+    ├── Log.ts      # Logging
+    ├── Global.ts   # Global timer/interval access
+    └── Event.ts    # EventCallback + EventEmitter
+```
+
+## Examples
+
+See [docs/examples/](docs/examples/) for working integrations:
+
+**Web**
+
+| Example | Description |
+|---------|-------------|
+| [docs/examples/web/spa/](docs/examples/web/spa/) | Vanilla JS single-page app |
+| [docs/examples/web/react/](docs/examples/web/react/) | React with `useAuth` hook and context |
+| [docs/examples/web/vue/](docs/examples/web/vue/) | Vue 3 with `useAuth` composable |
+
+**Guides**
+
+| Example | Description |
+|---------|-------------|
+| [docs/examples/api/](docs/examples/api/) | Authenticated API calls (fetch, axios) |
+| [docs/examples/advanced/](docs/examples/advanced/) | Popup, silent renew, multi-tab sync |
+| [docs/examples/provider/](docs/examples/provider/) | Identity provider configurations |
+| [docs/examples/security/](docs/examples/security/) | Security best practices |
+
+## Scripts
+
+| Script | Command | Purpose |
+|--------|---------|---------|
+| `build` | `tsc` | Compile TypeScript → `dist/` |
+| `type-check` | `tsc --noEmit` | Type-check without emitting |
+| `test` | `vitest` | Watch mode |
+| `test:run` | `vitest run` | Run once (CI) |
+| `test:coverage` | `vitest run --coverage` | Coverage report |
+| `test:package` | `node dist/index.js` | Smoke-test compiled output |
+
+```bash
+# Run tests
+npm run test:run        # 13 test files, 170 tests
+
+# Build
+npm run build           # compiles to dist/
+
+# Type check
+npm run type-check
+```
+
+## Versioning
+
+Version is managed entirely by the CI/CD pipeline from git tags. Do not edit `version` in `package.json` manually.
+
+```bash
+git tag v1.0.0
+git push origin v1.0.0
+```
+
+## License
+
+Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for details.
+
+Copyright (c) Callis Ezenwaka. All rights reserved.

package/dist/index.d.ts

@@ -0,0 +1,21 @@
+export { Log } from './src/utils/Log.js';
+export { Global } from './src/utils/Global.js';
+export { User } from './src/models/User.js';
+export type { UserData } from './src/models/User.js';
+export type { UserProfile } from './src/types/user.js';
+export { WebStorageStateStore, InMemoryWebStorage } from './src/storage/Storage.js';
+export type { StateStore } from './src/types/storage.js';
+export { MetadataService } from './src/services/Http.js';
+export type { OidcMetadata } from './src/services/Http.js';
+export { CheckSessionIFrame, CordovaPopupNavigator, CordovaIFrameNavigator, RedirectNavigator, PopupNavigator, IFrameNavigator, } from './src/navigation/Navigator.js';
+export type { NavigateParams } from './src/navigation/Navigator.js';
+export { TokenRevocationClient } from './src/protocol/TokenService.js';
+export type { TokenSettings } from './src/protocol/TokenService.js';
+export { OidcClient, UserManager } from './src/auth/Client.js';
+export type { CreateSigninRequestArgs, CreateSignoutRequestArgs, UserManagerSigninArgs } from './src/auth/Client.js';
+export { OidcClientSettings, UserManagerSettings } from './src/auth/Settings.js';
+export type { OidcClientSettingsArgs, UserManagerSettingsArgs } from './src/auth/Settings.js';
+export { AccessTokenEvents, UserManagerEvents } from './src/auth/Events.js';
+export { SessionMonitor, SilentRenewService, State, SigninState } from './src/auth/Session.js';
+export type { StateArgs, SigninStateArgs } from './src/auth/Session.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAG/C,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,YAAY,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACpF,YAAY,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAG3D,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,eAAe,GAChB,MAAM,+BAA+B,CAAC;AACvC,YAAY,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAGpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,YAAY,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAGpE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC/D,YAAY,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AACrH,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAC9F,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAC/F,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -0,0 +1,21 @@
+// Copyright (c) Callis Ezenwaka. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+// Utils
+export { Log } from './src/utils/Log.js';
+export { Global } from './src/utils/Global.js';
+// Models
+export { User } from './src/models/User.js';
+// Storage
+export { WebStorageStateStore, InMemoryWebStorage } from './src/storage/Storage.js';
+// Services
+export { MetadataService } from './src/services/Http.js';
+// Navigation
+export { CheckSessionIFrame, CordovaPopupNavigator, CordovaIFrameNavigator, RedirectNavigator, PopupNavigator, IFrameNavigator, } from './src/navigation/Navigator.js';
+// Protocol
+export { TokenRevocationClient } from './src/protocol/TokenService.js';
+// Auth
+export { OidcClient, UserManager } from './src/auth/Client.js';
+export { OidcClientSettings, UserManagerSettings } from './src/auth/Settings.js';
+export { AccessTokenEvents, UserManagerEvents } from './src/auth/Events.js';
+export { SessionMonitor, SilentRenewService, State, SigninState } from './src/auth/Session.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,2GAA2G;AAE3G,QAAQ;AACR,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,SAAS;AACT,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAI5C,UAAU;AACV,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,WAAW;AACX,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAGzD,aAAa;AACb,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,eAAe,GAChB,MAAM,+BAA+B,CAAC;AAGvC,WAAW;AACX,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAGvE,OAAO;AACP,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAE/D,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAEjF,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/src/auth/Client.d.ts

@@ -0,0 +1,135 @@
+import { OidcClientSettings, UserManagerSettings } from './Settings.js';
+import type { OidcClientSettingsArgs, UserManagerSettingsArgs } from './Settings.js';
+import { SigninRequest } from '../protocol/Requests.js';
+import { SigninResponse } from '../protocol/Responses.js';
+import { SignoutRequest } from '../protocol/Requests.js';
+import { SignoutResponse } from '../protocol/Responses.js';
+import { SigninState, State } from './Session.js';
+import { User } from '../models/User.js';
+import type { StateStore } from '../types/storage.js';
+import { UserManagerEvents } from './Events.js';
+import { SilentRenewService, SessionMonitor } from './Session.js';
+import { TokenRevocationClient, TokenClient } from '../protocol/TokenService.js';
+import type { JoseUtilType } from '../crypto/Crypto.js';
+export interface CreateSigninRequestArgs {
+    response_type?: string;
+    scope?: string;
+    redirect_uri?: string;
+    data?: unknown;
+    state?: unknown;
+    prompt?: string;
+    display?: string;
+    max_age?: number;
+    ui_locales?: string;
+    id_token_hint?: string;
+    login_hint?: string;
+    acr_values?: string;
+    resource?: string;
+    request?: string;
+    request_uri?: string;
+    response_mode?: string | null;
+    extraQueryParams?: Record<string, string>;
+    extraTokenParams?: Record<string, unknown>;
+    request_type?: string;
+    skipUserInfo?: boolean;
+}
+export interface CreateSignoutRequestArgs {
+    id_token_hint?: string;
+    data?: unknown;
+    state?: unknown;
+    post_logout_redirect_uri?: string;
+    extraQueryParams?: Record<string, string>;
+    request_type?: string;
+}
+export declare class OidcClient {
+    protected _settings: OidcClientSettings;
+    constructor(settings?: OidcClientSettings | OidcClientSettingsArgs);
+    get _stateStore(): StateStore;
+    get _validator(): import("../protocol/ResponseValidator.js").ResponseValidator;
+    get _metadataService(): import("../services/Http.js").MetadataService;
+    get settings(): OidcClientSettings;
+    get metadataService(): import("../services/Http.js").MetadataService;
+    createSigninRequest({ response_type, scope, redirect_uri, data, state, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource, request, request_uri, response_mode, extraQueryParams, extraTokenParams, request_type, skipUserInfo, }?: CreateSigninRequestArgs, stateStore?: StateStore): Promise<SigninRequest>;
+    readSigninResponseState(url: string, stateStore?: StateStore, removeState?: boolean): Promise<{
+        state: SigninState;
+        response: SigninResponse;
+    }>;
+    processSigninResponse(url: string, stateStore?: StateStore): Promise<SigninResponse>;
+    createSignoutRequest({ id_token_hint, data, state, post_logout_redirect_uri, extraQueryParams, request_type, }?: CreateSignoutRequestArgs, stateStore?: StateStore): Promise<SignoutRequest>;
+    readSignoutResponseState(url: string, stateStore?: StateStore, removeState?: boolean): Promise<{
+        state: State | undefined;
+        response: SignoutResponse;
+    }>;
+    processSignoutResponse(url: string, stateStore?: StateStore): Promise<SignoutResponse>;
+    clearStaleState(stateStore?: StateStore): Promise<void[]>;
+}
+export interface UserManagerSigninArgs extends CreateSigninRequestArgs {
+    useReplaceToNavigate?: boolean;
+    popupWindowFeatures?: string;
+    popupWindowTarget?: string;
+    silentRequestTimeout?: number;
+    refresh_token?: string;
+    id_token_hint?: string;
+    current_sub?: string;
+}
+export interface UserManagerSignoutArgs extends CreateSignoutRequestArgs {
+    useReplaceToNavigate?: boolean;
+    popupWindowFeatures?: string;
+    popupWindowTarget?: string;
+    display?: string;
+}
+export declare class UserManager extends OidcClient {
+    protected _settings: UserManagerSettings;
+    private _events;
+    private _silentRenewService;
+    private _sessionMonitor;
+    private _tokenRevocationClient;
+    private _tokenClient;
+    private _joseUtil;
+    constructor(settings?: UserManagerSettings | UserManagerSettingsArgs, SilentRenewServiceCtor?: typeof SilentRenewService, SessionMonitorCtor?: typeof SessionMonitor, TokenRevocationClientCtor?: typeof TokenRevocationClient, TokenClientCtor?: typeof TokenClient, joseUtil?: JoseUtilType);
+    get settings(): UserManagerSettings;
+    private get _redirectNavigator();
+    private get _popupNavigator();
+    private get _iframeNavigator();
+    private get _userStore();
+    get events(): UserManagerEvents;
+    getUser(): Promise<User | null>;
+    removeUser(): Promise<void>;
+    signinRedirect(args?: UserManagerSigninArgs): Promise<void>;
+    signinRedirectCallback(url?: string): Promise<User>;
+    signinPopup(args?: UserManagerSigninArgs): Promise<User>;
+    signinPopupCallback(url?: string): Promise<User | undefined>;
+    signinSilent(args?: UserManagerSigninArgs): Promise<User | null>;
+    private _useRefreshToken;
+    private _validateIdTokenFromTokenRefreshToken;
+    private _signinSilentIframe;
+    signinSilentCallback(url?: string): Promise<User | undefined>;
+    signinCallback(url?: string): Promise<User | undefined>;
+    signoutCallback(url?: string, keepOpen?: boolean): Promise<SignoutResponse | void>;
+    querySessionStatus(args?: UserManagerSigninArgs): Promise<{
+        session_state: string;
+        sub?: string;
+        sid?: string;
+    } | null>;
+    private _signin;
+    private _signinStart;
+    private _signinEnd;
+    private _signinCallback;
+    signoutRedirect(args?: UserManagerSignoutArgs): Promise<void>;
+    signoutRedirectCallback(url?: string): Promise<SignoutResponse>;
+    signoutPopup(args?: UserManagerSignoutArgs): Promise<void>;
+    signoutPopupCallback(url?: string | boolean, keepOpen?: boolean): Promise<void>;
+    private _signout;
+    private _signoutStart;
+    private _signoutEnd;
+    revokeAccessToken(): Promise<void>;
+    private _revokeInternal;
+    private _revokeAccessTokenInternal;
+    private _revokeRefreshTokenInternal;
+    startSilentRenew(): void;
+    stopSilentRenew(): void;
+    get _userStoreKey(): string;
+    private _loadUser;
+    storeUser(user: User | null): Promise<void>;
+}
+//# sourceMappingURL=Client.d.ts.map

package/dist/src/auth/Client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Client.d.ts","sourceRoot":"","sources":["../../../src/auth/Client.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACxE,OAAO,KAAK,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAErF,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAEjF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAOxD,MAAM,WAAW,uBAAuB;IACtC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,UAAU;IACrB,SAAS,CAAC,SAAS,EAAE,kBAAkB,CAAC;gBAE5B,QAAQ,GAAE,kBAAkB,GAAG,sBAA2B;IAQtE,IAAI,WAAW,IAAI,UAAU,CAE5B;IACD,IAAI,UAAU,iEAEb;IACD,IAAI,gBAAgB,kDAEnB;IAED,IAAI,QAAQ,IAAI,kBAAkB,CAEjC;IACD,IAAI,eAAe,kDAElB;IAEK,mBAAmB,CACvB,EACE,aAAa,EACb,KAAK,EACL,YAAY,EACZ,IAAI,EACJ,KAAK,EACL,MAAM,EACN,OAAO,EACP,OAAO,EACP,UAAU,EACV,aAAa,EACb,UAAU,EACV,UAAU,EACV,QAAQ,EACR,OAAO,EACP,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,YAAY,GACb,GAAE,uBAA4B,EAC/B,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC;IAqEzB,uBAAuB,CACrB,GAAG,EAAE,MAAM,EACX,UAAU,CAAC,EAAE,UAAU,EACvB,WAAW,GAAE,OAAe,GAC3B,OAAO,CAAC;QAAE,KAAK,EAAE,WAAW,CAAC;QAAC,QAAQ,EAAE,cAAc,CAAA;KAAE,CAAC;IA+B5D,qBAAqB,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IASpF,oBAAoB,CAClB,EACE,aAAa,EACb,IAAI,EACJ,KAAK,EACL,wBAAwB,EACxB,gBAAgB,EAChB,YAAY,GACb,GAAE,wBAA6B,EAChC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,cAAc,CAAC;IAkC1B,wBAAwB,CACtB,GAAG,EAAE,MAAM,EACX,UAAU,CAAC,EAAE,UAAU,EACvB,WAAW,GAAE,OAAe,GAC3B,OAAO,CAAC;QAAE,KAAK,EAAE,KAAK,GAAG,SAAS,CAAC;QAAC,QAAQ,EAAE,eAAe,CAAA;KAAE,CAAC;IAqCnE,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC;IActF,eAAe,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;CAK1D;AAMD,MAAM,WAAW,qBAAsB,SAAQ,uBAAuB;IACpE,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,sBAAuB,SAAQ,wBAAwB;IACtE,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,WAAY,SAAQ,UAAU;IACzC,SAAS,CAAC,SAAS,EAAE,mBAAmB,CAAC;IACzC,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,mBAAmB,CAAqB;IAChD,OAAO,CAAC,eAAe,CAA6B;IACpD,OAAO,CAAC,sBAAsB,CAAwB;IACtD,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,SAAS,CAAe;gBAG9B,QAAQ,GAAE,mBAAmB,GAAG,uBAA4B,EAC5D,sBAAsB,GAAE,OAAO,kBAAuC,EACtE,kBAAkB,GAAE,OAAO,cAA+B,EAC1D,yBAAyB,GAAE,OAAO,qBAA6C,EAC/E,eAAe,GAAE,OAAO,WAAyB,EACjD,QAAQ,GAAE,YAAuB;IA2BnC,IAAI,QAAQ,IAAI,mBAAmB,CAElC;IAED,OAAO,KAAK,kBAAkB,GAE7B;IACD,OAAO,KAAK,eAAe,GAE1B;IACD,OAAO,KAAK,gBAAgB,GAE3B;IACD,OAAO,KAAK,UAAU,GAErB;IAED,IAAI,MAAM,IAAI,iBAAiB,CAE9B;IAED,OAAO,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAa/B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAO3B,cAAc,CAAC,IAAI,GAAE,qBAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAW/D,sBAAsB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWnD,WAAW,CAAC,IAAI,GAAE,qBAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IA0B5D,mBAAmB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC;IAQ5D,YAAY,CAAC,IAAI,GAAE,qBAA0B,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAuBpE,OAAO,CAAC,gBAAgB;IAwCxB,OAAO,CAAC,qCAAqC;IA+B7C,OAAO,CAAC,mBAAmB;IAuB3B,oBAAoB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC;IAI7D,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC;IAevD,eAAe,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAelF,kBAAkB,CAAC,IAAI,GAAE,qBAA0B,GAAG,OAAO,CAAC;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAqD3H,OAAO,CAAC,OAAO;IAMf,OAAO,CAAC,YAAY;IA0BpB,OAAO,CAAC,UAAU;IAuBlB,OAAO,CAAC,eAAe;IASvB,eAAe,CAAC,IAAI,GAAE,sBAA2B,GAAG,OAAO,CAAC,IAAI,CAAC;IAejE,uBAAuB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAO/D,YAAY,CAAC,IAAI,GAAE,sBAA2B,GAAG,OAAO,CAAC,IAAI,CAAC;IAsB9D,oBAAoB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAY/E,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,aAAa;IA6CrB,OAAO,CAAC,WAAW;IAOnB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBlC,OAAO,CAAC,eAAe;IAkBvB,OAAO,CAAC,0BAA0B;IAQlC,OAAO,CAAC,2BAA2B;IAOnC,gBAAgB,IAAI,IAAI;IAIxB,eAAe,IAAI,IAAI;IAIvB,IAAI,aAAa,IAAI,MAAM,CAE1B;IAED,OAAO,CAAC,SAAS;IAWjB,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAU5C"}